-
Cisco Wireless LAN Controller Configuration Guide, Release 5.2
-
Preface
-
Chapter 1 - Overview
-
Chapter 2 - Using the Web-Browser and CLI Interfaces
-
Chapter 3 - Configuring Ports and Interfaces
-
Chapter 4 - Configuring Controller Settings
-
Chapter 5 - Configuring Security Solutions
-
Chapter 6 - Configuring WLANs
-
Chapter 7 - Controlling Lightweight Access Points
-
Chapter 8 - Controlling Mesh Access Points
-
Chapter 9 - Managing Controller Software and Configurations
-
Chapter 10 - Managing User Accounts
-
Chapter 11 - Configuring Radio Resource Management
-
Chapter 12 - Configuring Mobility Groups
-
Chapter 13 - Configuring Hybrid REAP
-
Appendix A - Safety Considerations and Translated Safety Warnings
-
Appendix B - Declarations of Conformity and Regulatory Information
-
Appendix C - End User License and Warranty
-
Appendix D - Troubleshooting
-
Appendix E - Logical Connectivity Diagrams
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W -
Index
Numerics
11n Mode parameter 4-18
1250 series access points
and PoE Status field 7-72
operating modes when using PoE 7-70
transmit power settings when using PoE 7-71
3DES IPSec data encryption 5-9
7920 AP CAC parameter 6-34
7920 Client CAC parameter 6-34
7920 support mode
configuring 6-32
described 6-32
7921 support mode 6-33
802.11a (or 802.11b) > Client Roaming page 4-42
802.11a (or 802.11b) > Video Parameters page 4-56
802.11a (or 802.11b) > Voice Parameters page 4-54
802.11a (or 802.11b/g) > EDCA Parameters page 4-67
802.11a (or 802.11b/g) Global Parameters > Auto RF page 11-8
802.11a (or 802.11b/g) Global Parameters page 4-14, 11-37
802.11a (or 802.11b/g) Network Status parameter 4-14
802.11a/n (4.9 GHz) > Configure page 8-51
802.11a/n (or 802.11b/g/n) Cisco APs > Configure page 11-27
802.11a/n (or 802.11b/g/n) Radios page 4-60, 11-26
802.11a > Pico Cell page 11-42
802.11a > Pico Cell page with pico cell mode V2 parameters 11-43
802.11a > RRM > Coverage page 11-16
802.11a > RRM > DCA page 11-12
802.11a > RRM > Dynamic Channel Assignment (DCA) page 11-12
802.11a > RRM > General page 11-18
802.11a > RRM > Tx Power Control (TPC) page 11-10
802.11b/g/n Cisco APs > Configure page 7-60, D-40
802.11 bands
configuring using the CLI4-15to 4-17
configuring using the GUI4-14to 4-15
802.11g Support parameter 4-14
802.11n
clients 7-75
configuring
devices 4-17
802.11n (2.4 GHz) High Throughput page 4-18
802.1Q VLAN trunk port 3-5
802.1X
configuring 6-21
described 6-22
dynamic key settings 6-21
802.1X+CCKM
configuring 6-23
described 6-22
802.1X authentication for access points
configuring
the switch 7-14
described 7-9
802.1x Authentication parameter 7-10
802.3 bridging
configuring using the CLI 4-33
configuring using the GUI4-32to 4-33
802.3 Bridging parameter 4-33
802.3 frames 4-32
802.3X flow control, enabling 4-31
A
AAA override
configuring
using the CLI 5-79
described 5-77
AC adapter warning for Japan B-7
Access Control List Name parameter 5-55
access control lists (ACLs)
applying to an interface
using the CLI 5-64
applying to a WLAN
using the CLI 5-64
applying to the controller CPU
using the CLI 5-64
configuring
configuring for the debug facilityD-35to D-36
counters
configuring using the CLI 5-62
configuring using the GUI 5-54
described 5-53
identity networking 5-74
using with the debug facilityD-34to D-35
Access Control Lists > Edit page 5-57
Access Control Lists > New page 5-54
Access Control Lists > Rules > New page 5-55
Access Control Lists page 5-54
Access Mode parameter 4-26, 4-28
access point core dumps, uploading
using the CLI 7-32
using the GUI 7-31
access point event logs, viewing D-13
access point groups
assigning access points to
using the CLI 6-47
creating
default group 6-43
described 6-41
illustrated 6-42
number supported 6-43
removing
using the CLI 6-46
using the GUI 6-44
access point manager interface, configuring using the configuration wizard 4-5
access point monitor service, debugging D-43
access points
20-MHz channelization 11-27
40-MHz channelization 11-27
adding MAC address to controller filter list
assisted roaming 4-41
authorization list 7-23
authorizing
using MICs 7-18
using SSCs 7-18
using the CLI 7-23
using the GUI 7-22
configuring hybrid REAP using the CLI 13-14
converting to mesh access points 8-47
embedded 7-14
guidelines for operating in Japan B-6, B-7
LEDs
configuring 7-74
interpreting D-2
migrating from the -J regulatory domain to the -U regulatory domain7-55to 7-57
number supported per controller 3-4
priming 7-3
regulatory informationB-2to B-10
rules for operating in TaiwanB-8to B-9
supported for use with hybrid REAP 13-2
supporting oversized images7-33to 7-34
troubleshooting
using Telnet or SSH D-42
VCI strings 7-24
verifying that they join the controller 7-4
viewing multicast client table 4-39
Accounting Server parameters 6-53
accounting servers, disabling per WLAN 6-52
ACL. See access control lists (ACLs)
ACS server configuration page 6-50
Action parameter 5-57
active exploits 5-121
Add AAA Client page (on CiscoSecure ACS) 5-5, 5-19
Add AP button 13-18
Add New Rule button 5-55
Add Web Server button 10-17
AdHoc Rogue AP parameter 5-84
administrator access 4-23
administrator usernames and passwords, configuring 4-23
Admin Status parameter 3-21
Admission Control (ACM) parameter 4-55, 4-56
AES CBS IPSec data encryption 5-9
AES-CCMP 6-22
AES parameter 6-23
Aggregated MAC Protocol Data Unit (A-MPDU) 4-20
Aggregated MAC Service Data Unit (A-MSDU) 4-20
aggregation method, specifying 4-20
AirMagnet Enterprise Analyzer D-39
Aironet IE parameter 6-25, 6-39
Aironet IEs
configuring using the CLI 6-41
configuring using the GUI 6-39
Airopeek D-39
Alarm Trigger Threshold parameter 11-35
All APs > Access Point Name > Link Details > Neighbor Name page 8-45
All APs > Access Point Name > Mesh Neighbor Stats page 8-45
All APs > Access Point Name > Neighbor Info page 8-44
All APs > Access Point Name > Statistics page 8-39
All APs > Access Point Name > VLAN Mappings page 13-13
All APs > Details (Advanced) page
configuring CDP 4-72
All APs > Details for (Advanced) page 7-31
configuring country codes 7-51
configuring link latency 7-68
configuring PoE 7-71
All APs > Details for (Credentials) page 7-7, 7-11
All APs > Details for (General) page 13-12
All APs > Details for (High Availability) page 7-43, 7-47
All APs > Details for (H-REAP) page 13-12
All APs > Details for (Inventory) page 7-64
All APs > Details for page D-40
All APs > Details page 8-27, 11-34
All APs page 8-38, 11-34, 13-12
Allow AAA Override parameter 5-79
anchor controller in inter-subnet roaming 12-4
AnchorTime parameter 11-13
anonymous local authentication bind method 5-33, 5-36
Anonymous Provision parameter 5-43
Antenna Gain parameter 11-29
Antenna parameter 11-28
Antenna Type parameter 11-28
AP > Clients > Traffic Stream Metrics page 4-61
AP > Clients page 4-61
AP801 access point
described 7-14
using with a controller 7-14
AP Authentication Policy page 5-67, 11-35
AP Core Dump parameter 7-31
AP Ethernet MAC Addresses parameter 7-20
AP Failover Priority parameter 7-47
AP Group Name parameter 6-44
AP Groups > Edit (APs) page 6-45
AP Groups > Edit (General) page 6-44
AP Groups > Edit (WLANs) page 6-45, 6-59
AP-manager interface
configuring
using the CLI 3-14
creating multiple interfaces3-37to 3-38
described 3-6
illustration
of four AP-manager interfaces 3-37
of three AP-manager interfaces 3-36
of two AP-manager interfaces 3-35
AP Mode parameter 11-35, 13-12, D-40
AP Name parameter 6-46
AP Policies page 7-22
AP Primary Discovery Timeout parameter 7-42
ASLEAP detection 5-121
Assignment Method parameter 11-27, 11-29
asymmetric tunneling
described 12-25
illustrated 12-26
audience of document xxiv
authenticated local authentication bind method 5-33, 5-36
Authentication Priority parameter 5-11, 5-24
Authentication Protocol parameter 4-28
Auth Key Mgmt parameter 6-23
Authority ID Information parameter 5-43, 13-21, 13-22
Authority ID parameter 5-43, 13-21
Authorize LSC APs against auth-list parameter 7-22
Authorize MIC APs against auth-list or AAA parameter 7-22
authorizing access points
using the CLI 7-23
using the GUI 7-22
auto-anchor mobility
configuring
guidelines 12-21
AutoInstall
example operation 4-9
obtaining
DHCP addresses for interfaces 4-7
TFTP server information 4-7
overview 4-6
selecting configuration file 4-8
using 4-6
auto RF, configuring using the configuration wizard 4-6
Average Data Rate parameter 4-46, 4-49
Average Real-Time Rate parameter 4-46, 4-50
Avoid Cisco AP Load parameter 11-13
Avoid Foreign AP Interference parameter 11-13, 12-18
Avoid Non-802.11a (802.11b) Noise parameter 11-13
B
Backhaul Client Access parameter 8-16, 8-51
backup controllers
configuring
described 7-41
Back-up Primary Controller IP Address parameter 7-43
Back-up Primary Controller Name field 7-43
Back-up Secondary Controller IP Address parameter 7-43
Back-up Secondary Controller Name parameter 7-43
bandwidth-based CAC
described 4-52
enabling
using the CLI 4-62
using the GUI 4-55
for mesh networks 8-31
Base MAC Address parameter 3-26
Beacon Period parameter 4-14
Bind Password parameter 5-33
Bind Username parameter 5-33
bootup script for configuration wizard 4-4
Bridge Data Rate parameter 8-29
Bridge Group Name parameter 8-28
bridge protocol data units (BPDUs) 3-23
bridging parameters
configuring using the CLI 8-30
configuring using the GUI8-27to 8-29
browsers supported 2-2
Buffered Log Level parameter D-8
Burst Data Rate parameter 4-46, 4-50
Burst Real-Time Rate parameter 4-46, 4-50
C
CAC
configuring for 7920 phones 6-32
described 4-52
enabling
using the CLI 4-63
using the GUI 4-56
in mesh networks 8-31
viewing in mesh networks8-34to 8-36
viewing using the CLI 4-64
Canadian compliance statement B-3
CA Server URL parameter 7-19
Catalyst 3750G Integrated Wireless LAN Controller Switch
described 1-10
logical connectivity diagram and associated software commandsE-4to E-6
cautions xxv
CCA Sensitivity Threshold parameter 11-44
CCKM
configuring 6-23
described 6-22
hybrid-REAP groups 13-16
with mobility 12-7
CCX
configuring Aironet IEs
using the CLI 6-41
using the GUI 6-39
described 6-38
link test 7-64
viewing a client's version
using the CLI 6-41
CCX Layer 2 client roaming
configuring
using the CLI 4-43
debugging using the CLI 4-44
described 4-41
obtaining information using the CLI 4-43
CCX radio management
configuring
using the CLI 11-39
debugging using the CLI 11-41
features 11-36
hybrid-REAP considerations 11-36
obtaining information using the CLI11-39to 11-40
CCXv5 clients
enabling location presence 4-86
CCXv5 Req button D-26
CCX Version parameter 6-40
CDP > AP Neighbors > Detail page 4-75
CDP > AP Neighbors page 4-74
CDP > Global Configuration page 4-71
CDP > Interface Neighbors > Detail page 4-73
CDP > Interface Neighbors page 4-73
CDP > Traffic Metrics page 4-75
CDP Advertisement Version parameter 4-71
CDP AP Neighbors page 4-74
CDP Protocol Status parameter 4-71
CDP State parameter 4-72
Certificate Authority (CA) certificates
downloading
using the GUI 9-16
overview 9-15
using with local EAP 5-39, 5-44
Certificate Issuer parameter 5-42
Certificate Password parameter 9-14
Certificate Type parameter 7-23
Change Rules Priority parameter 5-89
Channel Assignment Leader parameter 11-14
Channel Assignment Method parameter 11-13
channel bonding in the 5-GHz band 11-28
channels
statically assigning using the CLI 11-30
statically assigning using the GUI11-26to 11-30
Channel Scan Duration parameter 11-19
Channel Width parameter 11-14, 11-27
Check Against CA Certificates parameter 5-42
Check Certificate Date Validity parameter 5-42
chokepoints for RFID tag tracking 4-79
CIDS Sensor Add page 5-102
CIDS Sensors List page 5-102
CIDS Shun List page 5-105
ciphers
described 6-23
Cisco 2100 Series Wireless LAN Controllers
AutoInstall interfaces 4-7
described 1-8
FCC statement B-10
features not supported 1-8
network connections 1-16
Cisco 28/37/38xx Integrated Services Router
described 1-10
logical connectivity diagram and associated software commands E-3
using 4-90
versions 1-10
Cisco 3200 Series Mobile Access Router (MAR)
described 8-50
operating with mesh access points
using the CLI to configure 8-52
using the GUI to configure 8-51
Cisco 3300 Series Mobility Services Engine (MSE), using with wIPS 5-118
Cisco 4400 Series Wireless LAN Controllers
AutoInstall interfaces 4-7
described 1-8
FCC statement B-10
models 3-4
network connections 1-17
supporting more than 48 access points3-34to 3-38
Cisco 7920 Wireless IP Phones 6-33
Cisco 7921 Wireless IP Phones 6-33
Cisco AV-pairs 6-48, 6-49, 6-50
Cisco Centralized Key Management (CCKM). See CCKM
Cisco Clean Access (CCA) 6-54
Cisco Client Extensions (CCX). See CCX
Cisco Discovery Protocol (CDP)
configuring
debugging using the CLI 4-78
described 4-69
enabling using the GUI4-71to 4-72
sample network 4-70
supported devices 4-69
viewing neighbors
viewing traffic information
using the CLI 4-77
using the GUI 4-75
Cisco Discovery Protocol parameter 4-72
Cisco high-power switches 7-72
Cisco Logo parameter 10-10
Cisco NAC Appliance 6-54
CiscoSecure Access Control Server (ACS) 5-4
Cisco Unified Wireless Network (UWN) Solution
illustrated 1-3
Cisco Wireless Control System (WCS) 1-2
Cisco WiSM
configuring the Supervisor 7204-88to 4-90
guidelines 4-89
logical connectivity diagram and associated software commandsE-2to E-3
maximum number supported by router chassis 1-9
SSC key-hash 7-16
CKIP
configuring
using the CLI 6-26
described 6-25
Clear Filter link 6-7
clearing the controller configuration 9-27
Clear Stats button 12-19
CLI
basic commands 2-9
enabling wireless connections 2-9
logging out 2-9
navigating 2-9
troubleshooting commandsD-5to D-6
Client Certificate Required parameter 5-42
client location, using WCS 1-7
client MFP 5-65
Client Protection parameter 5-69
client reporting
configuring using the CLID-28to D-31
configuring using the GUID-25to D-28
described D-19
Client Reporting page D-27
client roaming, configuring4-40to 4-44
clients
connecting to WLANs 13-15
viewing
viewing CCX version
using the CLI 6-41
Clients > AP > Traffic Stream Metrics page 4-59
Clients > AP page 4-59
Clients > Detail page
configuring client reporting D-26
viewing a client's CCX version 6-40
viewing client details 7-39, 7-77
viewing the status of workgroup bridges 7-38
viewing voice and video settings 4-58
Clients page
performing a link test 7-66
viewing clients 7-75
viewing the status of workgroup bridges 7-38
viewing voice and video settings 4-57
Client Type parameter 7-38, 7-39
Commands > Reset to Factory Defaults page 4-3
comma-separated values (CSV) file, uploading 13-20
Community Name parameter 4-26
conditional web redirect 6-48
configuring
using the CLI 6-51
described 6-48
Conditional Web Redirect parameter 6-51
Configuration File Encryption parameter 9-23
configuration files
downloading
uploading
using the GUI 9-21
configuration wizard
described 4-2
Configure option for RRM override 11-26
Confirm Password parameter 13-10
Console Log Level parameter D-8
Control and Provisioning of Wireless Access Points protocol (CAPWAP) 1-6
debugging 7-5
described 7-2
guidelines 7-2
viewing MTU information 7-5
controller failure detection time, reducing 7-41
controller network module
baud rate 3-3
versions 3-4
controllers
configuration
clearing 9-27
erasing 9-27
saving 9-25
connections 1-11
discovery process 7-2
guidelines for operating in JapanB-6to B-7
multiple-controller deployment 1-4
resetting factory default settings
using the CLI 4-3
using the GUI 4-3
single-controller deployment1-3to 1-4
synchronizing with location appliance 4-85
types of memory 1-14
upgrading software
uploading core dump files from D-17
Controller Spanning Tree Configuration page 3-26
Controller Time Source Valid parameter 5-69
Control Path parameter 12-23
conventions of documentxxvto xxvii
core dump files, uploading from the controller D-17
Country Code parameter 7-51
country codes
commonly used 7-49
configuring
using the configuration wizard 4-5
described 7-49
Japanese 7-55
viewing using the CLI 7-53
Country page 7-50
Coverage Exception Level per AP parameter 11-16
coverage hole detection
configuring per controller
using the CLI 11-21
disabling on a WLAN
described 6-53
using the CLI 6-54
coverage hole detection and correction 11-4
Coverage Hole Detection Enabled parameter 6-53
CPU Access Control Lists page 5-60
CPU ACL Mode parameter 5-60
crash files
uploading
Current Channel parameter 11-29
Custom Signatures page 5-110
D
Data Path parameter 12-23
Data Rates parameter 4-15
date
configuring manually 4-10
configuring through NTP server 4-10
setting
using the CLI 4-11
using the GUI 4-10
DCA Channel Sensitivity parameter 11-13
DCA Channels parameter 11-14
debug commands, sending 7-28
debug facility
default enable password 7-5
default-group access point group 6-43
Default Mobility Group parameter 12-11
Default Routers parameter 6-12
Delivery Traffic Indication Map (DTIM). See DTIM period
Deny Counters parameter 5-57
Description parameter 5-30, 8-12, 13-10
Designated Root parameter 3-26
DES IPSec data encryption 5-9
Destination parameter 5-56
Destination Port parameter 5-56
Detect and Report Ad-Hoc Networks parameter 5-84
device certificates
downloading
overview 9-13
using with local EAP 5-39, 5-44
DHCP
configuring using the CLI 6-10
configuring using the GUI 6-9
debugging 6-11
DHCP Addr. Assignment Required parameter 6-10
DHCP Allocated Lease page 6-13
DHCP option 43, in controller discovery process 7-3
DHCP option 82
described 5-52
example 5-52
DHCP Parameters page 4-22
DHCP proxy
configuring
using the CLI 4-23
described 4-22
DHCP Scope > Edit page 6-12
DHCP scopes
configuring
described 6-11
DHCP Scopes page 6-11
DHCP server discovery 7-3
DHCP Server IP Addr parameter 6-10
DHCP Server Override parameter 6-10
DHCP servers
configuring using the configuration wizard 4-5
internal 6-8
diagnostic channel
configuring
described D-19
Diagnostic Channel parameter D-21
directed roam request 4-41
Direction parameter 5-56
disabled clients, configuring a timeout 6-15
discovery request timer, configuring 7-45
distribution system ports3-4to 3-5
Diversity parameter 11-29
DNS Domain Name parameter 6-12
DNS Servers parameter 6-12
document
audience xxiv
purpose xxiv
domain name server (DNS) discovery 7-3
Download button
downloading a CA certificate 9-17
downloading a configuration file 9-24
downloading a customized web authentication login page 10-19
downloading a device certificate 9-14
downloading a signature file 5-110
Download File to Controller page
downloading a customized web authentication login page 10-18
downloading CA certificates 9-16
downloading configuration files 9-23
downloading device certificates 9-13
downloading IDS signatures 5-109
DSCP parameter 5-56
DTIM period, configuring for MAC filtering 6-16
DTPC Support parameter 4-15
dynamic channel assignment (DCA)
20-MHz channelization 11-4, 11-14
40-MHz channelization 11-4, 11-14
configuring
described 11-3
sensitivity thresholds 11-14
dynamic frequency selection7-58to 7-59
dynamic interface
configuring
using the CLI 3-18
described 3-8
dynamic transmit power control, configuring 4-15
dynamic WEP, configuring 6-21
Dynamic WEP Key Index parameter 5-40
E
EAP-FAST Method Parameters page 5-43
EAP-FAST parameter 5-41
EAPOL-Key Max Retries parameter 5-40
EAPOL-Key Timeout parameter 5-40
EAP Profile Name parameter 5-44
EAP-TLS parameter 5-41
EDCA Profile parameter 4-67
Edit QoS Profile page 4-45
Edit QoS Role Data Rates page 4-49
Egress Interface parameter 10-27
Email Input parameter 10-28
Enable AP Local Authentication parameter 13-19
Enable AP Provisioning parameter 7-20
Enable Check for All Standard and Custom Signatures parameter 5-111
Enable Controller Management to be accessible from Wireless Clients parameter 2-10, 5-51
Enable Counters parameter 5-54
Enable Coverage Hole Detection parameter 11-16
Enable CPU ACL parameter 5-60
Enable DHCP Proxy parameter 4-23
Enable Dynamic AP Management parameter 3-38
Enable EAP-FAST Authentication parameter 13-21
Enable IGMP Snooping parameter 4-37
Enable LEAP Authentication parameter 13-21
Enable Link Latency parameter 7-68
Enable Low Latency MAC parameter 4-68
Enable LSC on Controller parameter 7-19
Enable Password parameter 7-7
Enable Server Status parameter 5-33
Enable Tracking Optimization parameter 7-60
Encryption Key parameter 6-26
end user license agreementC-2to C-4
enhanced distributed channel access (EDCA) parameters
configuring using the CLI4-68to 4-69
configuring using the GUI4-67to 4-68
enhanced neighbor list
request (E2E) 4-41
erasing the controller configuration 9-27
Ethernet connection, using remotely 2-8
Ethernet Multicast Mode parameter 4-36
European declaration of conformityB-4to B-5
event reporting for MFP 5-66
Expedited Bandwidth parameter 4-55
expedited bandwidth requests
described 4-53
enabling
using the CLI 4-63
using the GUI 4-55
Expiration Timeout for Rogue AP and Rogue Client Entries parameter 5-84
Extensible Authentication Protocol (EAP)
configuring 6-21
setting local timers 5-45
timeout and failure counters
per access point 5-48
per client 5-48
extension channel 11-29
F
factory default settings
resetting using the CLI 4-3
resetting using the GUI 4-3
failover priority for access points
configuring
using the CLI 7-48
described 7-46
viewing using the CLI 7-48
failover protection 1-15
fake access point detection 5-121
Fast Ethernet port 3-4
fast heartbeat timer
configuring
using the CLI 7-44
using the GUI 7-42
described 7-41
fast SSID changing
configuring using the CLI 4-31
configuring using the GUI 4-31
FCC declaration of conformityB-2to B-3
FCC statement
2100 series controllers B-10
4400 series controllers B-10
Federal Information Processing Standards (FIPS) 5-11
File Compression parameter 7-31
file transfers 1-13
File Type parameter
downloading a CA certificate 9-16
downloading a configuration file 9-23
downloading a customized web authentication login page 10-18
downloading a device certificate 9-13
upgrading controller software 9-9
uploading a configuration file 9-21
uploading PACs 9-19
filter, using to view clients7-75to 7-76
Fingerprint parameter 5-103
flashing LEDs, configuring 7-74
foreign controller in inter-subnet roaming 12-4
Forward Delay parameter 3-27, 3-28
forwarding plane architecture 4-32
Fragmentation Threshold parameter 4-14
Friendly Rogue > Create page 5-89
FTP server guidelines 9-2
G
General (controller) page
configuring 802.3 bridging 4-33
configuring an RF group 11-6
enabling link aggregation 3-32
enabling multicast mode 4-36
General (security) page 5-29, 5-121
General page 5-40
Generate Password parameter 10-5
gigabit Ethernet port 3-4
Global AP Failover Priority parameter 7-47
Global Configuration page
configuring authentication for access points 7-10
configuring backup controllers 7-42
configuring failover priority for access points 7-46
configuring global credentials for access points 7-6
global credentials for access points
configuring
described 7-5
overriding
using the CLI 7-8
using the GUI 7-7
Group Mode parameter 11-8, 12-17
Group Name parameter 12-12, 13-17
Group Setup page (on CiscoSecure ACS) 5-21
Guest LAN parameter 10-26
guest N+1 redundancy 12-20
guest user accounts
creating as a lobby ambassador10-4to 10-6
viewing
using the CLI 10-7
using the GUI 10-6
Guest User parameter 5-30, 13-10
Guest User Role parameter 5-30, 13-10
guest WLAN, creating 10-5
GUI
browsers supported 2-2
enabling wireless connections 2-9
guidelines 2-2
opening 2-2
using 2-2
H
Headline parameter 10-10
Hello Time parameter 3-27, 3-28
help, obtaining 2-2
hex2pcap sample output D-37
high-density network
benefits 11-41
example 11-41
overview 11-41
Honeypot access point detection 5-121
HREAP Group Name parameter 13-13
HREAP Groups > Edit (Local Authentication > Local Users) page 13-20
HREAP Groups > Edit (Local Authentication > Protocols) page 13-21
HREAP Groups > Edit page 13-18
HREAP Groups page 13-17
H-REAP Local Switching parameter 13-8
H-REAP Mode AP Fast Heartbeat Timeout parameter 7-42
H-REAP Mode AP Fast Heartbeat Timer State parameter 7-42
HTTP Access parameter 2-3
HTTP Configuration page 2-3
HTTPS Access parameter 2-3
hybrid REAP
access points supported 13-2
authentication process13-2to 13-4
bandwidth restriction 13-2
configuring
access points using the CLI 13-14
access points using the GUI13-11to 13-13
controller using the GUI13-6to 13-10
guidelines 13-4
illustrated 13-2
number of access points supported 13-2
overview 13-2
hybrid-REAP
hybrid-REAP groups
backup RADIUS server 13-16
CCKM 13-16
configuring
using the CLI 13-22
described 13-15
example 13-16
local authentication 13-17
Hysteresis parameter 4-42
I
identity networking
overview 5-73
Identity Request Max Retries parameter 5-40
Identity Request Timeout parameter 5-40
IDS 5-102
IDS sensors
configuring
described 5-102
IDS signature events
viewing using the CLI5-116to 5-117
viewing using the GUI5-113to 5-114
IDS signatures
configuring
described 5-106
frequency 5-112
measurement interval 5-112
pattern 5-112
tracking method 5-112
uploading or downloading using the GUI5-109to 5-110
viewing
IGMP Timeout parameter 4-37
IKE Diffie Hellman Group parameter 5-10
IKE Phase 1 parameter 5-10
Index parameter for IDS 5-103
indoor access points
converting to mesh access points 8-47
infrastructure MFP
components 5-66
described 5-65
Infrastructure MFP Protection parameter 5-68
Infrastructure Protection parameter 5-69
Infrastructure Validation parameter 5-69
Ingress Interface parameter 10-27
Injector Switch MAC Address parameter 7-72
inline power 7-70
intelligent power management (IPM) 7-72
inter-controller roaming
described 4-40
example 12-3
Interface Name parameter 6-45, 6-56, 6-59, 8-12
Interface parameter 6-10
interfaces
and identity networking 5-75
assigning WLANs 6-15
configuring
Interfaces > Edit page
applying an ACL to an interface 5-59
configuring dynamic interfaces 3-17
configuring NAC out-of-band integration 6-57
configuring wired guest access 10-26
creating multiple AP-manager interfaces 3-37
Interfaces > New page 3-16, 3-37
Interfaces page 3-11
interference 11-3
Interference threshold parameter 11-18
Internet Group Management Protocol (IGMP)
configuring
using the CLI 4-38
using the GUI 4-37
snooping 4-34
inter-subnet mobility 12-7
inter-subnet roaming
described 4-40
Interval parameter 11-13, 11-38
intra-controller roaming
described 4-40
illustrated 12-2
Inventory page 7-63
Invoke Channel Update Now button 11-13
Invoke Power Update Now button 11-11
IP address-to-MAC address binding
described 4-44
IP Mask parameter 4-26
IPSec parameter 5-9
IPv6 bridging
configuring
using the CLI 6-38
described 6-35
guidelines 6-36
IPv6 bridging and IPv4 web authentication example 6-37
IPv6 Enable parameter 6-38
J
Japanese country codes 7-55
Japanese regulations for migrating access points from the -J to the -U regulatory domain7-55to 7-57
K
Keep Alive Count parameter 12-22
Keep Alive Interval parameter 12-22
Key Encryption Key (KEK) parameter 5-8
Key Format parameter 6-26
Key Index parameter 6-26
key permutation
described 6-25
Key Permutation parameter 6-26
Key Size parameter 6-26
Key Wrap Format parameter 5-8
Key Wrap parameter 5-8
L
LAG. See link aggregation (LAG)
LAG Mode on Next Reboot parameter 3-32
Last Auto Channel Assignment parameter 11-14
Last Power Level Assignment parameter 11-11
Layer 1 security 5-2
Layer 2
operation 1-6
security
described 5-2
Layer 2 Security parameter 6-23, 6-26, 6-50
Layer 3
operation 1-6
security
described 5-3
Layer 3 Security parameter
for VPN passthrough 6-29
for web authentication 6-30
for web redirect 6-51
for wired guest access 10-28
LDAP
choosing server priority order 5-34
configuring
local EAP methods supported 5-32, 5-38
LDAP server
choosing local authentication bind method
using the CLI 5-36
using the GUI 5-33
LDAP Servers > New page 5-32
LDAP Servers page 5-32
LDAP Servers parameter 5-44
LEAP parameter 5-41
Learn Client IP Address parameter 13-9
Lease Time parameter 6-12
LEDs
configuring 7-74
interpreting D-2
Lifetime parameter 5-30, 10-5, 13-10
Lightweight Access Point Protocol (LWAPP) 1-6, 7-2
lightweight mode, reverting to autonomous mode 7-17
link aggregation (LAG)
configuring neighboring devices 3-33
enabling
using the CLI 3-33
using the GUI 3-32
example 3-29
guidelines 3-31
illustrated 3-30
verifying settings using the CLI 3-33
link latency
configuring
described 7-67
Link Status parameter 3-20
Link Test
button 7-66
page 7-66
link test
described 7-64
performing
using the CLI 7-67
using the GUI7-65to7-66, 8-44to 8-45
types of packets 7-64
Link Trap parameter 3-21
Load-based AC parameter 4-55
load-based CAC
enabling
using the CLI 4-62
using the GUI 4-55
lobby ambassador account
creating using the CLI 10-3
creating using the GUI10-2to 10-3
Lobby Ambassador Guest Management > Guest Users List > New page 10-4
Lobby Ambassador Guest Management > Guest Users List page 10-4, 10-6
Local Auth Active Timeout parameter 5-40
local EAP
configuring
debugging 5-49
example 5-38
viewing information using the CLI 5-47
Local EAP Authentication parameter 5-44
Local EAP Profiles > Edit page 5-41
Local EAP Profiles page 5-41
Local Management Users > New page 10-3
Local Management Users page 10-2
Local Mode AP Fast Heartbeat Timeout parameter 7-42
Local Mode AP Fast Heartbeat Timer parameter 7-42
Local Net Users > New page 5-30, 13-9
Local Net Users page 5-29, 10-6
local network users
configuring using the CLI 5-31
configuring using the GUI5-28to 5-31
local significant certificate (LSC)
configuring
described 7-19
Local Significant Certificates (LSC) page 7-19
local user database, capacity 10-2
location
calibration 11-37
viewing settings using the CLI4-85to 4-88
location appliance
installing certificate4-83to 4-84
synchronizing with controller 4-85
location-based services 11-37
location presence 4-86
logical connectivity diagram
Catalyst 3750G Integrated Wireless LAN Controller Switch E-4
Cisco 28/37/38xx Integrated Services Router E-3
Cisco WiSM E-2
logs
uploading
long preambles
described 5-49
enabling on SpectraLink NetLink phones
using the CLI 5-50
using the GUI 5-49
LWAPP-enabled access points
configuring a static IP address 7-33
debug commands 7-28
disabling the reset button 7-33
guidelines 7-16
MAC addresses displayed on controller GUI 7-32
radio core dumps
described 7-28
receiving debug commands from controller 7-28
retrieving radio core dumps 7-29
reverting to autonomous mode7-17to 7-18
sending crash information to controller 7-28
uploading
access point core dumps7-31to 7-32
M
MAC address of access point
adding to controller filter list
using the GUI8-11to 8-12, 8-30
displayed on controller GUI 7-32
MAC Address parameter 8-11
MAC filtering
configuring on WLANs6-14to 6-15
DTIM period 6-16
MAC Filtering page 8-11
MAC Filters > New page 8-11
management frame protection (MFP)
configuring
debugging 5-72
guidelines 5-66
types 5-65
Management Frame Protection parameter 5-69
Management Frame Protection Settings page 5-69
management frame validation 5-66
management interface
configuring
using the CLI 3-13
described 3-6
management over wireless
described 5-51
enabling
using the CLI 5-51
using the GUI 5-51
Master Controller Configuration page 7-4
Master Controller Mode parameter 7-4
Max Age parameter 3-26
Maximum Age parameter 3-27
maximum local database entries
configuring using the CLI 5-121
configuring using the GUI 5-121
Maximum Local Database Entries parameter 5-29, 5-121
Maximum RF Usage Per AP parameter 4-46
Max-Login Ignore Identity Response parameter 5-40
Max RF Bandwidth parameter 4-55, 4-56
MCS data rates 4-18
Member MAC Address parameter 12-12
memory
types 1-14
memory leaks, monitoringD-17to D-19
mesh
network example 8-33
parameters
configuring using the CLI 8-19, 8-23
configuring using the GUI8-14to 8-19
statistics
viewing for an access point using the CLI8-33to8-36, 8-42to 8-43
viewing for an access point using the GUI8-38to 8-42
Mesh > LinkTest Results page 8-44
mesh access points
converting to non-mesh access points 8-49
operating with Cisco 3200 Series Mobile Access Routers
configuration guidelines 8-50
described 8-50
using the CLI to configure 8-52
using the GUI to configure 8-51
mesh access points (MAPs)
selecting 8-28
mesh network hierarchy 8-3
mesh node security statistics8-41to 8-42
mesh node statistics 8-40
Message Authentication Code Key (MACK) parameter 5-8, 5-12
message logs
configuring
using the GUI D-6
viewing
using the CLI D-12
See also system logging
Message Logs page D-9
Message parameter for web authentication 10-11
Metrics Collection parameter 4-55
MFP Client Protection parameter 5-68
MFP Frame Validation parameter 5-68
migrating access points from the -J to the -U regulatory domain7-55to 7-57
Min Failed Client Count per AP parameter 11-16
Minimum RSSI parameter 4-42
mirror mode. See port mirroring, configuring
MMH MIC
described 6-25
MMH Mode parameter 6-26
Mobile Announce messages 12-7
mobility
failover 12-20
overview 12-2
Mobility Anchor Config page 12-22, 12-27
Mobility Anchor Create button 12-23
mobility anchors. See auto-anchor mobility
Mobility Anchors option 12-22
Mobility Anchors page 12-22
Mobility Group Member > New page 12-11
Mobility Group Members > Edit All page 12-13
mobility groups
configuring
using the CLI 12-14
using the configuration wizard 4-5
with one NAT device 12-8
with two NAT devices 12-9
determining when to include controllers 12-7
difference from RF groups 11-5
examples 12-7
illustrated 12-5
messaging among 12-7
number of access points supported 12-5, 12-6
number of controllers supported 12-5
using with NAT devices12-8to 12-9
mobility group statistics
types 12-16
viewing
using the CLI 12-19
mobility list
described 12-6
detecting failed members 12-20
number of controllers supported 12-7
ping requests to members 12-20
Mobility Multicast Messaging > Edit page 12-14
Mobility Multicast Messaging page 12-13
mobility ping tests, running 12-28
mobility services information, viewing 4-88
Mobility Statistics page 12-17
MODE access point button 7-17, 7-33
monitor intervals, configuring using the GUI 11-19
Multicast Appliance Mode parameter 3-21
multicast client table, viewing 4-39
multicast groups
viewing using the CLI 4-39
viewing using the GUI 4-37
Multicast Groups page 4-37
multicast mode
configuring
using the CLI 4-38
Multicast page 4-37
multiple country codes
configuration guidelines 7-49
configuring
using the CLI 7-52
using the GUI 7-51
multiple country support, using the configuration wizard 4-5
N
NAC in-band mode 6-54
NAC out-of-band integration
and hybrid REAP 13-5
configuring
diagram 6-55
NAC out-of-band support
configuring for a specific access point group
using the CLI 6-60
using the GUI 6-58
NAC State parameter 6-45, 6-58, 6-59
NAT devices in mobility groups12-8to 12-9
Native VLAN ID parameter 13-13
neighbor information
viewing for an access point using the CLI 8-46
viewing for an access point using the GUI8-43to 8-46
Neighbor Information option 8-43
Neighbor Packet Frequency parameter 11-19
neighbor statistics
viewing for an access point using the CLI 8-46
viewing for an access point using the GUI8-43to 8-46
Netbios Name Servers parameter 6-12
Netmask parameter 6-12
network analyzer supported software
AirMagnet D-39
Airopeek D-39
Omnipeek D-39
Wireshark D-39
Network Mobility Services Protocol (NMSP) 4-79
active connections 4-87
modifying the notification interval for clients, RFID tags, and rogues 4-84
viewing counters 4-87
Network parameter 6-12
notes xxv
NTP server
configuring to obtain time and date 4-10
setting in the configuration wizard 4-6
Number of Hits parameter 5-57
O
online help, using 2-2
open source terms C-8
OpenSSL license issuesC-6to C-8
operating system
security 1-5
software 1-4
organization of documentxxivto xxv
Override Global Config parameter 10-21, 10-28
Over-ride Global Credentials parameter 7-7, 7-11, 7-12
Override Interface ACL parameter 5-61
oversized access point images 7-33
over-the-air provisioning (OTAP) 7-3
P
P2P Blocking parameter 6-19
Params parameter 7-19
password
restoring 4-24
password guidelines 7-11
Password parameter
for access point authentication 7-11
for access points 7-7
for local net users 5-30, 13-10
for PACs 9-19
passwords
viewing in clear text D-6
PEAP parameter 5-41
peer-to-peer blocking
configuring
using the CLI 6-20
described 6-18
examples 6-18
Physical Mode parameter 3-21
Physical Status parameter 3-20
pico cell mode
configuring
debugging using the CLI 11-45
guidelines 11-42
versions 11-43
Pico Cell Mode parameter 11-43
ping link test 7-64
ping tests 12-28
PMK cache lifetime timer 6-24
PMKID caching 6-25
PoE Status parameter 7-72
Pool End Address parameter 6-12
Pool Start Address parameter 6-12
Port > Configure page 3-20
port mirroring, configuring3-22to 3-23
Port Number parameter
for controller 3-20
for LDAP server 5-33
for RADIUS server 5-8
for TACACS+ server 5-23
for wired guest access 10-26
Port parameter for IDS 5-103
ports
on 2100 series controllers 3-2, 3-3, 3-4
on 4400 series controllers 3-2, 3-3, 3-4
on Catalyst 3750G Integrated Wireless LAN Controller Switch 3-3, 3-5
on Cisco 28/37/38xx Series Integrated Services Router3-3to 3-4, 4-90, 7-25
Ports page 3-19
Power Assignment Leader parameter 11-11
power cable warning for Japan B-7
Power Injector Selection parameter 7-72
Power Injector State parameter 7-72
Power Neighbor Count parameter 11-11
Power over Ethernet (PoE)
configuring
using the CLI 7-73
Power Over Ethernet (PoE) parameter 3-21
Power Threshold parameter 11-11
preauthentication access control list (ACL)
applying to a WLAN
using the CLI 5-64
for external web server 10-16, 13-9
Preauthentication ACL parameter 5-62, 6-51
Pre-Standard State parameter 7-72
Primary Controller parameters 7-43
Primary RADIUS Server parameter 13-18
priming access points 7-3
Priority Order > Local-Auth page 5-34, 5-39
Priority Order > Management User page 5-11, 5-24
Priority parameter 3-27
Privacy Protocol parameter 4-28
probe request forwarding, configuring 7-62
probe requests, described 7-62
Profile Details page D-28
Profile Name parameter 6-5, 8-11, 10-27, 13-7
protected access credentials (PACs)
overview 9-18
uploading
using the GUI 9-18
using with local EAP 5-39, 13-21
Protection Type parameter 5-67, 11-35
Protocol parameter 5-56
Protocol Type parameter 4-47
PSK
configuring 6-24
described 6-22
with mesh 8-17
PSK Format parameter 6-24
public key cryptography (PKC), with mobility 12-7
purpose of document xxiv
Q
QBSS
configuring
using the CLI 6-35
using the GUI 6-34
described 6-32
guidelines 6-33
QoS
identity networking 5-74
translation values 6-30
with CAC 4-52
QoS profiles
assigning to a WLAN
using the CLI 6-31
using the GUI 6-31
configuring
QoS roles
assigning for use with hybrid REAP 13-10
configuring
QoS Roles for Guest Users page 4-49
Quality of Service (QoS) parameter 6-31
quarantined VLAN
using 13-8
with hybrid REAP 13-4
with NAC out-of-band integration 6-57
Quarantine parameter
for dynamic interface 3-17
for management interface 3-11
NAC out-of-band integration 6-57
Query Interval parameter 5-103
Queue Depth parameter 4-46
queue statistics 8-40
R
radio core dumps
described 7-28
retrieving 7-29
uploading
using the CLI 7-30
radio measurement requests
configuring
on the CLI 11-39
on the GUI 11-38
overview 11-37
viewing status using the CLI 11-40
radio preamble 5-49
radio resource management (RRM)
benefits 11-5
CCX features. SeeCCX radio management
configuring
monitor intervals using the GUI 11-19
using the configuration wizard 4-6
coverage hole detection
configuring per controller using the CLI 11-21
configuring per controller using the GUI11-15to 11-17
described 11-4
debugging 11-25
disabling dynamic channel and power assignment
using the CLI 11-33
using the GUI 11-33
overview 11-2
specifying channels11-12to 11-14
statically assigning channel and transmit power settings
using the CLI 11-30
viewing using the CLI11-23to 11-24
Wireless > 802.11a/n (or 802.11b/g/n) > RRM > TPC parameter 11-10
radio resource monitoring 11-2
RADIUS
accounting 5-3
authentication 5-3
configuring
configuring on ACS 5-4
described 5-3
FIPS standard 5-11
KEK parameter 5-12
MACK parameter 5-12
server fallback behavior 5-10
using with hybrid REAP 13-16
Range (RootAP to MeshAP) parameter 8-16
Redirect URL After Login parameter 10-10
Refresh-time Interval parameter 4-71
regulatory information
for 2100 series controllers B-10
for 4400 series controllers B-10
for lightweight access pointsB-2to B-10
related publications xxvii
Remote Authentication Dial-In User Service. See RADIUS
Request Max Retries parameter 5-40
Request Timeout parameter 5-40
Reserved Roaming Bandwidth parameter 4-55, 4-56
Reset Link Latency button 7-69
resetting the controller 9-27
restoring passwords 4-24
Re-sync button 5-105
reverse path filtering (RPF) 12-26
RF Channel Assignment parameter 11-33
RF domain. See RF groups
RF exposure declaration of conformity B-5
RF group leader
described 11-5
viewing 11-8
RF group name
described 11-6
entering 11-7
RF groups
configuring
using the CLI 11-7
using the configuration wizard 4-5
using the GUI 11-6
difference from mobility groups 11-5
viewing status
using the CLI 11-9
using the GUI 11-8
RFID tags
described 4-78
formats supported 4-78
number supported per controller 4-79
tracking
configuring using the CLI 4-80
debugging using the CLI 4-82
viewing information using the CLI4-81to 4-82
RFID tracking on access points, optimizing
RF-Network Name parameter 11-7
RLDP. See Rogue Location Discovery Protocol (RLDP)
roaming and real-time diagnostics
configuring using the CLID-31to D-34
described D-20
logs
described D-20
roam reason report 4-41
roam reason report, described 8-24
rogue access points
alarm 11-35
automatically containing
using the CLI 5-85
using the GUI 5-84
classification mapping table 5-81
classifying 5-80
detecting
using the CLI 11-36
managing 5-79
RLDP support 5-80
rule-based classification support 5-80
tagging, location, and containment 5-80
viewing and classifying
WCS support for rule-based classification 5-83
Rogue AP Detail page 5-93
Rogue AP Ignore-List page 5-96
rogue classification rules
configuring using the CLI5-89to 5-92
configuring using the GUI5-86to 5-89
Rogue Client Detail page 5-94
Rogue Location Discovery Protocol (RLDP)
configuring
defined 5-80
Rogue Location Discovery Protocol parameter 5-83
Rogue on Wire parameter 5-84
Rogue Policies page 5-83
Rogue Rule > Edit page 5-88
Rogue Rules > Priority page 5-89
Role Name parameter 4-49
root access points (RAPs)
selecting 8-28
root bridge 3-23
Root Cost parameter 3-26
Root Port parameter 3-26
RRM. See radio resource management (RRM)
RSNA logs
described D-20
Rx Sensitivity Threshold parameter 11-44
S
Save and Reboot button 9-14, 9-17
saving configuration settings 9-25
Scan Threshold parameter 4-42
Scope Name parameter 6-11
Search Clients page 7-76
Search WLANs window 6-7
Secondary Controller parameters 7-43
Secondary RADIUS Server parameter 13-18
secure web mode
described 2-2
enabling
using the CLI 2-4
using the GUI 2-3
security
overview 5-2
Security Mode parameter 8-17
Security Policy Completed parameter 6-37
security settings
local and external authentication 8-14
Select APs from Current Controller parameter 13-19
self-signed certificate (SSC)
used to authorize access points 7-18
Sequence parameter 5-55
serial port
baud rate setting 2-8
connecting 2-8
timeout 2-8
Server Address parameter 5-103
Server Index (Priority) parameter 5-8, 5-23, 5-33
Server IP Address parameter
for LDAP server 5-33
for RADIUS server 5-8
for TACACS+ server 5-23
for wireless sniffer D-41
Server Key parameter 5-43, 13-21
Server Status parameter 5-9, 5-23
Server Timeout parameter 5-9, 5-24, 5-34
service port 3-5
service-port interface
configuring
using the CLI 3-15
using the configuration wizard 4-4
described 3-8
session timeout
configuring
using the CLI 6-28
using the GUI 6-27
described 6-27
Set to Factory Default button 11-19
Severity Level Filtering parameter D-7
Shared Secret Format parameter 5-8, 5-23
Shared Secret parameter 5-8, 5-23
Short Preamble Enabled parameter 5-49
short preambles 5-49
Show Wired Clients option 7-38
shunned clients
described 5-105
viewing
using the CLI 5-106
using the GUI 5-105
Signature Events Detail page 5-113
Signature Events Summary page 5-113
Signature Events Track Detail page 5-114
Simple Bind parameter 5-33
sniffing. See wireless sniffing D-39
Sniff parameter D-41
SNMP community string
changing default values using the CLI 4-27
changing default values using the GUI4-25to 4-26
SNMP v1 / v2c Community > New page 4-26
SNMP v1 / v2c Community page 4-25
SNMP v3 users
changing default values using the CLI 4-29
changing default values using the GUI4-27to 4-29
SNMP V3 Users > New page 4-28
SNMP V3 Users page 4-27
software, upgrading
Source parameter for ACLs 5-55
Source Port parameter 5-56
Spanning Tree Algorithm parameter 3-27
Spanning Tree Protocol (STP)
configuring
described 3-23
spanning-tree root 3-23
Spanning Tree Specification parameter 3-26
SpectraLink NetLink phones
enabling long preambles
using the CLI 5-50
using the GUI 5-49
overview 5-49
Spectralink Voice Priority parameter 4-67
splash page web redirect 6-49
Splash Page Web Redirect parameter 6-51
SSC key-hash on Cisco WiSM 7-16
SSH, troubleshooting access points D-42
SSID
configuring
using the CLI 6-6
using the GUI 6-5
described 6-3
SSL certificate
generating
using the CLI 2-4
using the GUI 2-3
loading
SSL protocol 2-2
SSLv2, configuring for web administration 2-4
SSLv2 for web authentication, disabling 10-9
Standard Signature > Detail page 5-112
Standard Signatures page 5-110
Static Mobility Group Members page 12-11
Statistics option 8-39
Status parameter
for DHCP scopes 6-12
for guest LANs 10-27
for SNMP community 4-26
for WLANs 6-5
STP Mode parameter 3-25
STP Port Designated Bridge parameter 3-24
STP Port Designated Cost parameter 3-24
STP Port Designated Port parameter 3-24
STP Port Designated Root parameter 3-24
STP Port Forward Transitions Count parameter 3-24
STP Port ID parameter 3-24
STP Port Path Cost Mode parameter 3-25
STP Port Path Cost parameter 3-25
STP Port Priority parameter 3-25
STP State parameter 3-24
strong passwords 7-11
Supervisor 720
described 4-88
switch, configuring at the remote site13-5to 13-6
Switch IP Address (Anchor) parameter 12-23
SX/LC/T small form-factor plug-in (SFP) modules 3-4
symmetric mobility tunneling
configuring
using the configuration wizard 4-5
illustrated 12-26
verifying status
using the CLI 12-27
using the GUI 12-27
Symmetric Mobility Tunneling Mode parameter 12-27
syslog
described D-20
levels D-8
Syslog Configuration page D-7
Syslog Facility parameter D-8
syslog server
number supported by controller D-7
removing from controller D-7
severity level filtering D-7
Syslog Server IP Address parameter D-7
system logging
configuring
setting severity level D-8
system logs, viewing using the CLI D-12
T
TACACS+
accounting 5-18
authentication 5-17
authorization 5-17
choosing authentication priority order 5-11, 5-24
configuring
viewing administration server logs5-26to 5-28
TACACS+ (Authentication, Authorization, or Accounting) Servers > New page 5-23
TACACS+ (Authentication, Authorization, or Accounting) Servers page 5-22
TACACS+ (Cisco) page (on CiscoSecure ACS) 5-20
TACACS+ Administration .csv page (on CiscoSecure ACS) 5-27, 5-28
telemetry 4-78
Telnet, troubleshooting access points D-42
terminal emulator settings 2-8
Tertiary Controller parameters 7-44
text2pcap sample output D-37
TFTP server guidelines 9-2
time, configuring
using the CLI 4-11
using the GUI 4-10
using the NTP server 4-10
time-length-values (TLVs), supported for CDP4-69to 4-70
timeout, configuring for disabled clients 6-15
Time Since Topology Changed parameter 3-26
timestamps, enabling or disabling in log and debug messages D-12
Time to Live for the PAC parameter 5-43, 13-21
time zone
configuring using the CLI 4-12
configuring using the GUI 4-11
TKIP
described 6-22
parameter 6-23
Topology Change Count parameter 3-26
traffic specifications (TSPEC) request
described 4-53
examples 4-53
traffic stream metrics (TSM)
configuring
using the CLI 4-63
using the GUI 4-55
described 4-54
viewing statistics
Transfer Mode parameter
downloading a CA certificate 9-16
downloading a configuration file 9-23
downloading a customized web authentication login page 10-18
downloading a device certificate 9-14
upgrading controller software 9-9
uploading a configuration file 9-21
uploading a PAC 9-19
Transition Time parameter 4-43
transmit power
statically assigning using the CLI 11-30
statically assigning using the GUI11-26to 11-30
transmit power levels 11-29
Transmit Power parameter 11-44
transmit power threshold, decreasing 11-20
troubleshooting
access point join process7-24to 7-28
using Telnet or SSH D-42
tunnel attributes and identity networking 5-76
Tx Power Level Assignment parameter 11-33
Type parameter 6-4, 10-27, 13-7
U
U-APSD
described 4-54
viewing status
using the CLI 4-65
using the GUI 4-58
UDP, use in RADIUS 5-4
unicast mode 4-34
unique device identifier (UDI)
described 7-63
retrieving
using the CLI 7-64
Upload button 5-110, 7-30, 9-19, D-15
Upload CSV File parameter 13-20
Upload File from Controller page 7-29, 9-18, 9-21, D-15
URL parameter 10-17
Use AES Key Wrap parameter 5-7
User Access Mode parameter 10-3
user accounts, managing10-1to 10-20
User Attribute parameter 5-33
User Base DN parameter 5-33
User Credentials parameter 5-34
User Name parameter 5-30, 13-10
Username parameter 7-6, 7-10, 7-11
User Object Type parameter 5-33
User parameter 9-19
User Profile Name parameter 4-28
Using Our SSID parameter 5-84
V
Validate Rogue Clients Against AAA parameter 5-84
Valid Client on Rogue AP parameter 5-84
Validity parameter 9-19
VCCI warnings for controllers B-7
VCI strings 7-24
Verify Certificate CN Identity parameter 5-42
video information, viewing for mesh networks using the CLI8-33to 8-36
video settings
configuring
using the CLI 4-63
viewing
virtual interface
configuring
using the CLI 3-14
using the configuration wizard 4-5
VLAN Identifier parameter
for AP-manager interface 3-12
for dynamic interface 3-16, 3-17
for management interface 3-11
VLAN interface. See dynamic interface
VLAN Mappings
button 13-13
page 13-13
VLANs
described 3-8
guidelines 3-10
VLAN Support parameter 13-13
VLAN tag, and identity networking 5-75
Voice & Video Optimized parameter 4-67
voice information, viewing for mesh networks using the CLI8-33to 8-36
Voice Optimized parameter 4-67
voice-over-IP (VoIP) telephone roaming 4-40
Voice RSSI parameter 11-16
voice settings
configuring
viewing
VPN Gateway Address parameter 6-29
VPN passthrough
configuring using the CLI 6-29
configuring using the GUI6-28to 6-29
W
warnings
webauth.tar files 10-21
webauth bundle 10-17
web authentication
configuring a WLAN for
using the CLI 6-30
using the GUI 6-29
described 10-7
successful login page 10-9
web authentication login page
assigning per WLAN
using the CLI 10-22
using the GUI 10-21
choosing the default
customized example 10-20
customizing from an external web server
using the CLI 10-17
default 10-8
downloading a customized login page
guidelines 10-17
using the CLI 10-19
modified default example 10-13
verifying settings using the CLI 10-20
Web Authentication option 10-28
Web Authentication Type parameter 10-10, 10-17, 10-19
Web Auth Type parameter 10-21, 10-28
web-browser security alert 10-7
web mode
configuring
using the CLI 2-4
using the GUI 2-3
described 2-2
Web Passthrough option 10-28
Web Policy parameter 5-62, 6-51
web redirect 6-48
Web Server IP Address parameter 10-17
Web Session Timeout parameter 2-3
WEP keys, configuring 6-21
WGB parameter 7-38
WGB Wired Clients page 7-38
wired guest access
configuration overview 10-25
configuring
guidelines 10-25
one-controller example 10-24
two-controller example 10-24
wireless intrusion prevention system (wIPS)
configuring on an access point5-118to 5-119
described 5-118
viewing information5-119to 5-120
wireless sniffing
configuring
using the CLI D-41
prerequisites D-39
supported software D-39
WLAN ID parameter 6-5
WLAN Profile parameter 5-30, 13-10
WLANs
assigning web login, login failure, and logout pages
using the CLI 10-22
using the GUI 10-21
checking security settings 6-21
configuring
conditional web redirect6-49to 6-52
static and dynamic WEP 6-22
connecting clients to 13-15
creating
using the CLI 6-5
deleting
using the CLI 6-6
using the GUI 6-4
described1-11, 3-9to 3-10, 6-3
enabling or disabling
using the CLI 6-6
using the GUI 6-5
number supported 6-2
searching 6-7
session timeout
configuring 6-27
described 6-27
splash page web redirect 6-49
wired security solution 1-5
WLANs > Edit (Advanced) page 6-53
applying an ACL to a WLAN 5-61
configuring AAA override 5-79
configuring infrastructure MFP for a WLAN 5-68
configuring IPv6 bridging 6-38
configuring NAC out-of-band integration 6-58
configuring the diagnostic channel D-20
WLANs > Edit (QoS) page 6-34
WLANs > Edit (Security > AAA Servers) page
assigning LDAP servers to a WLAN 5-35
choosing RADIUS or LDAP servers for external authentication 10-21
disabling accounting servers on a WLAN 6-52
enabling local EAP on a WLAN 5-44
WLANs > Edit (Security > Layer 2) page 6-23, 6-26
WLANs > Edit (Security > Layer 3) page
applying a preauthentication ACL to a WLAN 5-61
configuring a WLAN for VPN Passthrough 6-29
configuring web redirect 6-51
configuring wired guest access 10-28
WLANs > Edit page 6-5, 10-27, 13-7
WLANs > New page 6-4, 8-24, 8-25, 8-45, 8-46, 10-27, 13-7
WLAN SSID parameter
configuring for guest user 10-5
creating a centrally switched WLAN 13-7
creating WLANs 6-5
identifying the guest LAN 10-27
mapping an access point group to a WLAN 6-45, 6-59
WMM
described 6-32
with CAC 4-52
WMM parameter 4-67
WMM Policy parameter 6-34
workgroup bridges (WGBs)
debugging 7-40
described 7-34
guidelines 7-35
illustrated 7-34
sample configuration 7-37
viewing status
using the CLI 7-40
WPA1+WPA2
configuring
using the CLI 6-24
described 6-22
WPA2 Policy parameter 6-23
WPA Policy parameter 6-23